working with you

Why?

From our qualification portfolio and use of technology, to our locations around the world, we are built around
our customers and are driven by the desires of the consumer. We work closely to not only anticipate, understand
and satisfy our customer’s needs, but also provide the inspiration that can help them achieve even greater
success.

How?

Our People understand the power of collaboration and who are encouraged to be curious and seek out new ways to
satisfy unmet needs. We take pride in the intimate relationships our people have with our customers and their
ability to remain close to them through our local operations, working both directly and indirectly with them to
help meet their needs. This is why we work hard to recruit the best talent and to source the specialist
knowledge we require.

PQS Data Protection and Data Security Policy.

Definition

There are a number of reasons why personal data is collected and kept at PQS, for example about employees, learners and other stakeholders.

Through this policy we aim to ensure that current and future students, colleagues and business partners feel confident that PQS is a safe and secure place to work or to do business.

Failure to comply with data protection requirements when handling personal data is breaking the law. This can result in large fines and other legal sanctions. Data breaches can also cause significant distress to individuals and have an adverse impact upon PQS’s reputation.

It is the responsibility of all staff or others who access or use personal information to adhere to this Data Protection Policy.
General Principles
PQS will be open and transparent when processing and using private and confidential information by ensuring we follow the 8 Data Protection Principles of good data handling:

Principle 8: Personal data shall not be transferred outside the European Union unless that country provides adequate levels of protection for the rights of the data subject.
Purpose

The purpose of this policy is to:

define the requirements of the General Data Protection Regulation (“GDPR”) as applied by UK Data Protection Legislation in the context of PQS;
clarify responsibilities and duties, and set out the structure, within which they will be discharged.

Scope, Roles and Responsibilities
This policy applies to all Staff of Professional Qualification Services (“PQS” “the Company”).
For the purposes of this policy, the term “Staff” means all members of Company staff including permanent, fixed term, and temporary staff, governors, secondees, any third party representatives, agency workers, volunteers, interns, agents and sponsors engaged with the Company in the UK or overseas.
This policy applies to all personal and sensitive personal data, accessed or used by PQS staff, as well as, for example, contractors and consultants, processed on computers and stored in manual (paper based) files. It aims to protect and promote the rights of individuals and the Company. Individual roles and responsibilities are as follows;
The SMT provide the Governance Group of data protection matters within PQS.
Individual Directors also have oversight of data protection and are accountable for their departments/areas of operation.

The Data Protection Officer (in the case the Responsible Officer) is the designated PQS contact for all matters related to data protection and first point of contact with the regulator (Information Commissioner’s Office).
Data Protection Liaison Officers support the Data Protection Officer in fulfilment of her/his duties (currently other members of the SMT).
All staff are responsible for adhering to this policy as per the Terms & Conditions of employment.

Formats of Data
The formats in which personal data is handled can range from:
Personal Data:
Any information which relates to a living individual who can be identified from the information. It also extends to any information which may identify the individual. Examples of personal data are:
A person’s name and address (postal and email)
Date of birth
Statement of fact
Any expression or opinion communicated about an individual
Minutes of meetings, reports
Emails, file notes, handwritten notes, sticky notes
CCTV footage if an individual can be identified by the footage
Employment and student applications
Spreadsheets and/or databases with any list of people set up by code/number
Employment or Education history

Sensitive Personal Data:
Any information relating to an individual’s:
Ethnicity
Gender
Religious or other beliefs
Political opinions
Membership of a trade union
Sexual orientation
Medical history
Offences committed or alleged to have been committed by that individual
This category of data requires enhanced security measures such as encryption, password protection and stricter electronic as well as manual access controls (e.g. a locked filing cabinet).

Other categories of data also require enhanced protection for example, bank details, other financial details and national insurance numbers.
This policy also applies to de-identified (pseudonymised) personal data where individuals can be re-identified from other information e.g. student numbers and staff numbers.
Active learners:
If you are a student or apprentice on a course that provides Chartered Manager accreditation we will receive the following information about you from you or your training provider or employer:
Title (e.g. Mr./Miss/ etc)
First Name
Surname
Date of Birth
Gender
University email address
Postal Address
Telephone Number
Start Date of Qualification
Expected Completion Date of Qualification
Expected Graduation Date
Your assignments
Attesting Qualifications

For former learners, we retain the information required to process certificates or to attest certificates as requested by you or on your behalf (e.g. for a new employer). This information includes replacement certificate record, record of lost/stolen/destroyed certificate, centre name, centre number, learner name, learner number, title of qualification completed, date of qualification completed, home address at time of qualification, date of birth, last known email address.
Automatically from the Website
This includes your IP address and browsing behaviour. Understanding the way you interact with our site enables us to improve our service to you. Our cookies policy explains our use of cookies and Google Analytics to collect and analyse this information and how long we retain personally identifying information collected by cookies. We use this information for our legitimate interest in ensuring that content from our site is presented in the most effective manner for you and for your computer

We use this information in the following ways:
To provide you with information about PQS events, newsletters, research, surveys, PQS communities that may be of interest to you, and such products or services that you request from us or which we feel may be of interest to you;
To provide you with services under your membership agreement or any other contract we make with you; and
To notify you about changes to our services.
We retain information about our members for a period of 12 months following the completion of their qualification, except as required to protect our legitimate interests or those of third parties, or (as set out below) to enable us to attest qualifications or membership, after which time we will erase all data other than that needed to comply with our statutory and regulatory obligations.
Third Party Data Processing
Personal data cannot be processed by a third party unless the third-party Data Processing Agreement has been approved and signed by PQS and the Data Processor (i.e. the third party).
In certain instances where the relationship around data sharing is more complex it may be necessary to agree a Data Sharing Agreement between the interested parties. Please contact the Data Protection Officer for advice (see below).
Ad-hoc third-party requests for personal data (for example from the police) are referred directly to the Data Protection Officer.

Who do we share personal data with?
PQS shares your personal information with the following categories of recipient;
Third Party Processors who host and process personal information on our behalf. In this case, information held on our server, a third-party Data Processing Agreement has been approved and signed by PQS and the Data Processor (i.e. GoDaddy) (please see Appendix 1);
Regulators; PQS is applying to become an awarding body and be regulated by Ofqual. Consequently we would be required to register the details of Active Learners with Ofqual at the point of certification and retain this information for audit and support reasons.
Data Protection by Design and Default

It is the responsibility of all staff to incorporate Data Protection by Design and Default into all activities, processes or projects that may involve the use of personal data. This includes undertaking a Data Protection Impact Assessment (DPIA) screening assessment, and where appropriate, a full Data Protection Impact Assessment to establish the controls needed for protecting personal data. Methods of control include, for example, encryption, anonymisation and pseudonymisation.
Personal data breaches
It is the responsibility of all staff to immediately notify the Data Protection Officer by phone if you become aware that personal data is lost, misused, compromised or stolen. This includes, for example, the loss of a laptop.
Where necessary, the Data Protection Officer will report breaches to the Information Commissioner’s Office (ICO) and notify all individuals affected.
Deliberate misuse of personal data will result in disciplinary action and may lead to criminal prosecution. Examples of misuse include sharing passwords between colleagues, asking a colleague to give you data about a data subject or browsing data through PQS systems about data subjects. This list is not exhaustive.

Security and Safeguards
PQS’s systems are located both inside (United Kingdom) and outside (Turkey) the EEA and are managed and maintained in accordance with the UK Government’s’ Cyber Essentials standard.
The PQS system development team use the latest technologies to provide the best user friendly, secure, reliable and efficient system.
We transfer personal data to third party processors outside the European Economic Area (Turkey) only after taking such steps as are required to ensure that Personal Data they process on our behalf receives protection equivalent to that provided in the EEA. Where processors are located outside the EEA they have entered into an agreement with us containing the model clauses approved by the European Commission as providing contractual protection equivalent to that provided by the data protection regulations applicable in the EEA.
Our system is hosted on Godaddy’s servers and the security and the privacy of our data is secured and insured by;
GoDaddy Legal Agreements and Policies https://au.godaddy.com/legal-agreements and
Their privacy policy https://au.godaddy.com/agreements/showdoc?pageid=PRIVACY
that in a plus of our base64 inscription of the users data that done by our engineers and using 2 firewalls systems in our server and backup in suppurate servers on GoDaddy as well and in our office every 2 hours we are sure that we are providing the best security and privacy that we can provide
We use;
A Laravel 5.6 framework as the base of our server side development;
VUE JS for our front-end interfaces.
An object based database structure using MySQL 5.7 for saving the data.
Azure Redis for the cache, with data inscription developed by our team which make our data unreadable outside of our software.
SSH Certification for our software so it can be run in https protocols.

The right to rectification if the information held is inaccurate or incomplete
The right to restrict processing and/or erasure of personal data
The right to data portability
The right to object to processing
The right to object to automated decision making and profiling
The right to complain to the Information Commissioner’s Office (ICO)

In addition, individuals can request access to the personal data held about them.
You have the right to update and correct the personal information we hold about you. You also have the right to request from us all personal information that we hold that relates to you, to request restriction of the processing of that data and to request that we delete that data or object to continued processing where it is excessive or no longer required for the purpose for which it was collected. Where allowed by applicable law there may be an administrative charge for supply of copies of data and we may also require you to provide us with appropriate identification before we comply with this request. You may also have the right to data portability.

You can manage your PQS communication preferences by writing to us or emailing us at dataprotection@pqsglobal.org or unsubscribe at the bottom of any non-essential emails you may receive from us.
Contact us
Professional Qualification Services is registered on the Information Commissioner’s register of data controllers, number ZA472833
You can contact us by writing to Professional Qualification Services, 87-89 Plashet Road, London E13 0RA or by phoning our switchboard on 0203 962 6833.
Contact our Data Protection Officer at dataprotection@pqsglobal.org

If you have a complaint about the way in which we use your personal information you have the right to complain to the Information Commissioner www.ico.gov.uk.
We will update this policy from time to time to reflect changes in our business.

MANAGING COOKIES

How Professional Qualification Services (PQS) use Cookies

Whenever you use our website information may be collected through the use of Cookies and similar technologies.

What are ‘Cookies’?

Cookies are small text files which are downloaded to your computer or mobile device when you visit a website or application. Your web browser (such as Internet Explorer, Mozilla Firefox or Google Chrome) then sends these Cookies back to the website or application on each subsequent visit so that they can recognise you and remember things like personalised details or user preferences.
Cookies are very useful and do lots of different jobs which help to make your experience on websites as smooth as possible. For example, they let you move between web pages efficiently, remembering your preferences, and generally improving your experience (see below for more examples). They can also help to ensure that adverts you see online are more relevant to you and your interests.
They are referred to as session or persistent Cookies, depending on how long they are used:
Session Cookies only last for your online session and disappear from your computer or device when you close your browser.
Persistent Cookies stay on your computer or device after the browser has been closed and last for the period of time specified in the cookie. These persistent Cookies are activated each time you visit the site where the cookie was generated.

Which Cookies do PQS use and why?

When you use our website, the following categories of Cookies may be set on your device:
1. ‘Strictly Necessary' Cookies
These Cookies are essential in helping you to move around our website. These Cookies do not gather information about you that could be used for marketing or remembering where you've been on the internet.
Some examples of these essential Cookies include:
Remembering previous actions (such as text you've entered in a registration form) when navigating back to a page in the same session.
2. Functional Cookies
These Cookies allow websites and applications to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. The information these Cookies collect is usually anonymised which means we can't identify you personally. They do not gather any information about you that could be used for selling advertising or remembering where you've been on the internet but do help with serving advertising.
If you have any further questions, please contact us as follows:
by writing to Professional Qualification Services, 87-89 Plashet Road, London E13 0RA;
by phoning our switchboard on 0203 962 6833 or;
by email at dataprotection@pqsglobal.org
3. Analytics Cookies

In order to keep the PQS website relevant, easy to use and up-to-date, we use web analytics services to help us understand how people use it. For example, we can see which parts of the website are most popular, identify where visitors are accessing the site from, identify when errors occur, and test different versions of a page or feature to see which one works best.

The web analytics services may also use Cookies and similar technologies to make the information collected more useful. When you are viewing a website, a cookie is transferred to your browser by the web server and is stored on your computer. It can only be read by the server that gave it to you.

Cookies allow web analytics services to recognise your browser or device and, for example, identify whether you have visited our website before, what you have previously viewed or clicked on, and how you found us. The information is anonymous and only used for statistical purposes. It allows us to track information, such as how many individual users we have and how often they visit our websites. It also helps us to analyse patterns of user activity and to develop a better user experience.

Web analytics data and Cookies cannot be used to identify you as they never contain personal information such as your name or email address.
4. Targeting Cookies
We do not use any Cookies for targeted advertising.
These Cookies can track your visits around the web but they don't know who you are.
Without these Cookies, online advertisements you encounter will be less relevant to you and your interests. If you would like more information about Online Behavioural Advertising (OBA), including how to opt-out of these Cookies, please visit www.youronlinechoices.com .
5. Other Third Party Cookies
At times we may use a third party logo’s or advertising on our site that is not directly related to PQS e.g. Ofqual, ALTE etc.

If you press the logo to visit that site then these service providers may set their own Cookies on your web browser. These anonymous Cookies may be set by that third party to track the success of their application or to customise their application to you. PQS does not control the use of these Cookies and cannot access them due to the way that Cookies work, as Cookies can only be accessed by the party who originally set them. You should check the third party websites for more information about these Cookies.

How to Control Your Cookies

Please remember that PQS may combine information from your registration with the data we get from the web analytics services we use and their Cookies (or similar technologies) to analyse how you and other people use our website in detail.
These Cookies are set to improve your experience on our websites and to enable you to benefit from specific features and to set preferences.
However, there are various ways that you can control and manage your Cookies which are discussed in a bit more detail below. Please remember that any settings you change will not just affect the PQS Cookies. These changes will apply to all websites that you visit (unless you choose to block Cookies from particular sites).

Managing Cookies in your Browser
Most popular browsers will allow you to:
See what Cookies you've got and delete them on an individual basis.
Block third party Cookies.
Block Cookies from particular sites.
Block all Cookies from being set.
Delete all Cookies when you close your browser.
You should be aware that any preferences will be lost if you delete Cookies. Ironically, this includes where you have opted out from Cookies, as this requires an opt-out cookie to be set. Also, if you block Cookies completely many websites will not work properly and some functionality on these websites will not work at all. We do not recommend turning Cookies off for these reasons.
If you are primarily concerned about third party Cookies generated by advertisers, you can turn these off separately. This is discussed in more detail below.
The links below take you to the ‘Help' sections for each of the major browsers so that you can find out more about how to manage your Cookies:

It is possible to opt out of having your anonymised browsing activity within websites recorded by analytics Cookies. PQS uses the following analytics providers and you can opt out of their Cookies by clicking on the following links. Please note that this will take you to the relevant third party's website and generate a ‘no thanks' cookie, which will stop any further Cookies being set by those third parties.
Don't forget that by not allowing analytics Cookies, this stops us from being able to learn what people like or don't like about website so that we can make it better.

Google Analytics
http://tools.google.com/dlpage/gaoptout

Managing Flash Cookies
The most common types of Cookies are Hyper Text Transfer Protocol (HTTP) Cookies. You can control these using the mechanisms described above. As well as HTTP Cookies, there are other technologies which work in a similar way to Cookies called Flash Local Stored Objects (LSOs). LSOs can be controlled manually by visiting the Adobe website:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html
LSOs may be used to store user preferences for media player functionality and without them some video content may not play properly. We therefore do not recommend turning these Cookies off.